Portfolio Shop is all about leveraging the process of building custom portfolios and is committed to protecting the confidentiality (where appropriate), integrity and availability of its information. Portfolio Shop recognizes that external vulnerabilities can be discovered by anyone at any time and has therefore issued this policy in order to provide clear guidelines to make the process of reporting vulnerabilities, that have been discovered in good faith, easier.
If you believe you have found a security vulnerability in any of our repositories (that meets our criteria for the same), kindly report it in the below stated manner.
To report a vulnerability please open an issue in the bugs template
In order to help us triage and prioritize submissions, we recommend that vulnerability reports:
- Describe the vulnerability, where it was discovered (location of affected source code), and the potential impact of exploitation.
- Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts or screenshots are helpful).
- Any special configuration required to reproduce the issue.
We prefer all communications to be mainly in English.
The Portfolio Shop team takes all security vulnerabilities seriously. Thank you for improving the security of our open source project. We appreciate your efforts and responsible disclosure and will make every effort to acknowledge your contributions.
When a security bug report is received, a primary handler will be assigned to it. This person will coordinate the fix, involving the following steps:
- Confirm the problem and determine the affected source code.
- Audit code to find any potential similar problems.
- Prepare fixes for the assigned bug report.